real threat or false positive?


Jack R

My friend is running Windows 2000, with MSAS.
It came up with a possible threat: C:\winnt\system32\windriver32.exe.
I can't find any reference to this file, good or bad...
Is this a threat?
They've blocked it for now.
Thanks,
 
What do the properties of the file have to say about it? Find it with
Explorer and right-click on it.
 
What did MSAS say it was? I think I would trust Microsoft Antispyware on
this one. No references would be unusual for a commercially distributed
executable.
 
Hi Bill, thanks for the quick response.
It's not my system, so I don't have ready access to it, and the owner would
have a problem with 'properties'.
MSAS said it was unrecognized but suspect.
Thanks again,
--
Jack

Bill Sanderson said:
What did MSAS say it was? I think I would trust Microsoft Antispyware on
this one. No references would be unusual for a commercially distributed
executable.
 
Please verify EXACT spelling of the file in question. I suspect it's
actually WINDRV32.EXE - known to be part of a MyDoom mass mailing worm:
http://www.iamnotageek.com/a/windrv32.exe.php

If this is the case, the person probably has lots of other problems on their
PC. I would suggest they immediately run Hijackthis and post a log at the
Hijackthis Log forum at the following web site:
http://www.spywarewarrior.com/index.php

The fact that "windriver32.exe" brings up not a single hit on Google means
that's probably not the correct spelling.

Good luck!
 
Thanks TJ, very good advice.
I will double-check with them to be sure of the spelling.
If I learn something useful, I will be sure to post it here.
--
Jack R

TJ said:
Please verify EXACT spelling of the file in question. I suspect it's
actually WINDRV32.EXE - known to be part of a MyDoom mass mailing worm:
http://www.iamnotageek.com/a/windrv32.exe.php

If this is the case, the person probably has lots of other problems on
their PC. I would suggest they immediately run Hijackthis and post a log
at the Hijackthis Log forum at the following web site:
http://www.spywarewarrior.com/index.php

The fact that "windriver32.exe" brings up not a single hit on Google
means that's probably not the correct spelling.

Good luck!
 